Bitbucket Pipelines

For advanced users, Bitbucket CI/CD (Continuous Integration/Continuous Delivery or Continuous Deployment) can automatically deploy code changes to your Kinsta site whenever a new commit is pushed to the designated branch. This setup enables seamless code deployment from your local environment via SSH and Bitbucket Pipelines, allowing continuous updates to your site.

To follow these steps, you must have an existing site hosted on Kinsta and a Bitbucket account.

1. Download a backup of your site

You can download a backup of your site to set up the Bitbucket repository and work on it locally. Alternatively, you can use DevKinsta to pull your site from the Kinsta server and work on it locally.

In MyKinsta, go to WordPress Sites > sitename > Backups > Download > Create backup now.

When your backup is ready, click Download, save this to your local computer, and unzip the files to a folder.

2. Set up the Bitbucket repository

Open the folder containing your site’s files in your preferred code editor. To prevent uploading unnecessary WordPress core files, media uploads, or sensitive information, add a .gitignore file to the root directory of your project. You can use a standard WordPress .gitignore template, copy its contents, and save it to ensure only the essential files are tracked.

In Bitbucket, go to your workspace and create a new repository. Ensure Include a README and Include .gitignore are set to No. Once the repository is created, you also need to enable pipelines. In the repository, go to Settings and select Enable Pipelines.

3. Set up SSH authentication

To securely connect to your Bitbucket repository, you must set up SSH authentication.

Generate an SSH key pair on your local machine using the following command, replacing [email protected] with your email address:

ssh-keygen -t ed25519 -C "[email protected]"

Save the key pair in a location you can easily reference (e.g., ~/.ssh/id_rsa_bitbucket).

Open and copy the public key (~/.ssh/id_rsa_bitbucket.pub). In Bitbucket, go to Settings > Personal Bitbucket Settings > SSH Keys > Add key and paste the details of the public key. This authorizes your machine to push code securely.

Add the same key in MyKinsta, go to your username > User Settings > Add SSH Key, paste the same public key details and click Add SSH key.

4. Push your code to Bitbucket

Open the folder containing your site’s files in your preferred code editor and use the following commands to push your code to Bitbucket, replacing your-username and your-repo with your Bitbucket username and repository name:

# Initialize a new Git repository
git init
# Stage all files for the first commit
git add .
# Commit the files with a message
git commit -m "Initial commit of WordPress site files"
# Add the Bitbucket repository as the remote origin
git remote add origin [email protected]:your-username/your-repo.git
# Push the files to Bitbucket
git push -u origin main

5. Set up SSH access in MyKinsta to Bitbucket

To allow the Kinsta server to pull code from Bitbucket, you must generate an SSH key on the server and add its public key to your Bitbucket account.

Open a new terminal and SSH into your Kinsta server using the SSH terminal command from your site’s Info page in MyKinsta.

Enter your site’s password and then generate a new SSH key using the following command, replacing [email protected] with your email address:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Press Enter to save the key to the default location and leave the passphrase blank when prompted.

6. Add the SSH key to Bitbucket

Access the contents of the public key file (e.g., ~/.ssh/id_rsa.pub), with the following command:

cat ~/.ssh/id_rsa.pub

Copy the entire output, then in Bitbucket, go to Settings > Personal Bitbucket Settings > SSH Keys > Add key and add the public key. This authorizes the Kinsta server to access your Bitbucket repository securely.

7. Configure Git to use SSH on the Kinsta server

In MyKinsta, on the Info page, copy the Path from Environment details.

In the terminal, navigate to your site’s live directory with the following command, replacing /www/your-site/public with the path copied from MyKinsta.

cd /www/your-site/public

Initialize the directory as a Git repository and set the remote URL to use SSH with the following command, replacing your-username and your-repo with your Bitbucket credentials and repository:

git init
git remote add origin [email protected]:your-username/your-repo.git

Confirm that the SSH setup works by running the following command:

ssh -T [email protected]

You should see a message similar to: “authenticated via ssh key. You can use git to connect to Bitbucket. Shell access is disabled.” Your Kinsta server is now ready to receive and deploy updates from Bitbucket directly through Bitbucket pipelines.

8. Add environment variables to Bitbucket

To store sensitive Kinsta information securely, you need to add environment variables to Bitbucket. In MyKinsta, go to WordPress sites > site name> Info; from the SFTP/SSH section, you need the Host, Port, and Username. 

In Bitbucket, go to Repository Settings > Repository Variables and add the following:

• KINSTA_USERNAME: This is your SSH Username for the Kinsta server. Bitbucket Pipelines uses it to log in and execute deployment commands.
• KINSTA_SERVER_IP: This is the SSH Host address of your Kinsta server. It allows Bitbucket Pipelines to know which server to connect to for deployment.
• PORT: This is the SSH Port used by your Kinsta server. Kinsta servers use a custom port, so you must specify that here.
• SSH_PRIVATE_KEY: This is your base64-encoded SSH private key from your local machine. Bitbucket pipelines use this key to authenticate to your Kinsta server. To encode your private key in base64, run the following command, copy the output, and add it as the value:
  Copy

  cat ~/.ssh/id_rsa | base64

9. Bitbucket Pipeline configuration

To automate deployments, you need to create a bitbucket-pipelines.yml configuration file. In the local folder containing your site’s files, create a new file called bitbucket-pipelines.yml and add the following content to the file, replacing your-site with the folder name from the path on your Kinsta site:

pipelines:
  branches:
    main:
      - step:
          name: Deploy to Kinsta
          script:
            - pipe: atlassian/ssh-run:0.8.1
              variables:
                SSH_USER: $KINSTA_USERNAME
                SERVER: $KINSTA_SERVER_IP
                PORT: $PORT
                COMMAND: |
                  cd /www/your-site/public &&
                  git fetch origin main &&
                  git reset --hard origin/main
                SSH_KEY: $SSH_PRIVATE_KEY
                DEBUG: 'true'

This pipeline is set up to automate deployments to your Kinsta server whenever there’s a new push to the main branch. The workflow does the following:

• Pipeline trigger: The pipelines section is configured to trigger when a push is made to the main branch. This means any new commit to the main branch automatically starts the deployment.
• Step: This is named “Deploy to Kinsta” for clarity. It contains the main deployment actions.
• SSH-run pipe: This uses the atlassian/ssh-run pipe, which allows Bitbucket to connect to your Kinsta server via SSH and execute commands remotely. This pipe simplifies setting up an SSH session, running the commands, and closing the session, so there’s no need to manage SSH details manually in the script.
• Deployment commands: The COMMAND block contains the commands that deploy the latest code to your WordPress site. Here’s what each command does:
  • The first command navigates to the live directory where WordPress is hosted.
  • The second command then runs git fetch origin main to pull the latest code from the main branch in Bitbucket.
  • The last command then updates the live site with the latest code from the main branch.

This configuration handles all aspects of the deployment – from connecting to Kinsta to updating your site files – so your WordPress site on Kinsta will stay up-to-date automatically with each push to main.

10. Test the pipeline

Commit and push the bitbucket-pipelines.yml configuration file to the main branch. This automatically triggers the pipeline and starts the deployment process. You can monitor the deployment’s progress in the Bitbucket Pipelines dashboard. If everything is set up correctly, Bitbucket will connect to your Kinsta server, fetch the latest code, and deploy it to your live site.

For troubleshooting, check the pipeline logs in Bitbucket, especially if DEBUG is set to "true". The logs provide detailed information about each step, which can help identify any connection or configuration issues.

If the pipeline isn’t connecting to your Kinsta server properly, this could be due to the remote URL being set to HTTPS instead of SSH. To confirm, SSH into your Kinsta server and run the following command in your site’s directory:

git remote -v

If it shows https:// instead of ssh://, you’ll need to update the remote URL so that the SSH key can be used for authentication. Run the following command to switch to SSH:

git remote set-url origin [email protected]:your-username/your-repo.git

After updating the URL, push your changes again, and the pipeline should connect using the SSH key.